1typeattribute radio coredomain, mlstrustedsubject; 2 3app_domain(radio) 4 5read_runtime_log_tags(radio) 6 7# Property service 8set_prop(radio, radio_control_prop) 9set_prop(radio, radio_prop) 10set_prop(radio, net_radio_prop) 11set_prop(radio, telephony_status_prop) 12set_prop(radio, radio_cdma_ecm_prop) 13 14# ctl interface 15set_prop(radio, ctl_rildaemon_prop) 16 17# Telephony code contains time / time zone detection logic so it reads the associated properties. 18get_prop(radio, time_prop) 19 20# allow telephony to access platform compat to log permission denials 21allow radio platform_compat_service:service_manager find; 22 23allow radio uce_service:service_manager find; 24 25# Manage /data/misc/emergencynumberdb 26allow radio emergency_data_file:dir r_dir_perms; 27allow radio emergency_data_file:file r_file_perms; 28 29# allow telephony to access related cache properties 30set_prop(radio, binder_cache_telephony_server_prop); 31 32# allow sending pulled atoms to statsd 33binder_call(radio, statsd) 34 35net_domain(radio) 36bluetooth_domain(radio) 37binder_service(radio) 38 39# Talks to hal_telephony_server via the rild socket only for devices without full treble 40not_full_treble(`unix_socket_connect(radio, rild, hal_telephony_server)') 41 42# Data file accesses. 43allow radio radio_data_file:dir create_dir_perms; 44allow radio radio_data_file:notdevfile_class_set create_file_perms; 45allow radio radio_core_data_file:dir r_dir_perms; 46allow radio radio_core_data_file:file r_file_perms; 47 48allow radio net_data_file:dir search; 49allow radio net_data_file:file r_file_perms; 50 51add_service(radio, radio_service) 52allow radio audioserver_service:service_manager find; 53allow radio cameraserver_service:service_manager find; 54allow radio drmserver_service:service_manager find; 55allow radio mediaserver_service:service_manager find; 56allow radio nfc_service:service_manager find; 57allow radio app_api_service:service_manager find; 58allow radio system_api_service:service_manager find; 59allow radio timedetector_service:service_manager find; 60allow radio timezonedetector_service:service_manager find; 61 62# Perform HwBinder IPC. 63hwbinder_use(radio) 64hal_client_domain(radio, hal_telephony) 65 66# Used by TelephonyManager 67allow radio proc_cmdline:file r_file_perms; 68 69### 70### Neverallow rules 71### 72 73neverallow { domain -radio -init } 74 binder_cache_telephony_server_prop:property_service set; 75